Re: [GENERAL] More SSL crash woes

Tue, 08 Apr 2008 13:03:51 -0700 

Tom Lane wrote:

The previous thread suggested that you might have a problem with
different bits of code being linked to different versions of libssl.
Did you ever resolve that?  Given the lack of other reports, I'm
pretty suspicious that it's something like that, rather than a real
bug in either slony or PG.


# ldd /usr/local/pgsql/bin/postgres
       ...
       libssl.so.0.9.8 =>       /usr/local/ssl/lib/libssl.so.0.9.8
       libcrypto.so.0.9.8 =>    /usr/local/ssl/lib/libcrypto.so.0.9.8
# ldd /usr/local/pgsql/bin/slon
       ...
       libssl.so.0.9.8 =>       /usr/local/ssl/lib/libssl.so.0.9.8
       libcrypto.so.0.9.8 =>    /usr/local/ssl/lib/libcrypto.so.0.9.8


Now their are 2 subscriber nodes that connect to this node for slony 
replication...
One is running the same version (libssl 0.9.8e) but one is running  
0.9.7e-p1 2.

could this be an issue?


so let's ask what is different between my config and the rest of the 
world....



The stack trace actually was one more level deep and the reference to 
'output_cert_chain' got me thinking....

#0  0xfee8ec23 in sk_value () from /usr/local/ssl/lib/libcrypto.so.0.9.8

#1  0xfef5b05b in ssl3_output_cert_chain () from 
/usr/local/ssl/lib/libssl.so.0.9.8

#2  0x00000000 in ?? ()


Is it unique that I use SSL for encryption but not for authentication?  
I have no root.crt (and see the warning in my logs about   "could not 
load root certificate file "root.crt": No such file or directory.  Will 
not verify client certificates.")

Is this unusual?  Do other people use SSL with postgres JUST for encryption?

Is there something wrong with the way we build/install libssl?
We currently do a pkgadd of the binary from sunfreeware:


/usr/sfw/bin/wget 
ftp://ftp.sunfreeware.com/pub/freeware/intel/10/openssl-0.9.8e-sol10-x86-local.gz

gzip -d openssl-0.9.8e-sol10-x86-local.gz
pkgadd -d openssl-0.9.8e-sol10-x86-local


I went back an researched the nearly identical problems we were having 
under FreeBSD and the stack trace (using a slightly different/older 
version of libssl) looks like a different spot:


(gdb) bt
#0  0x2838e492 in SHA1_Init () from /lib/libcrypto.so.3
#1  0x2838a14a in X509_check_private_key () from /lib/libcrypto.so.3
#2  0x2838a459 in EVP_DigestInit_ex () from /lib/libcrypto.so.3

Any other thoughts?















--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general






















					Reply via email to